Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Warning! spyware detected on your computer!

desirae33

Posted 08 June 2008 - 03:12 AM

desirae33

Member

Member

108 posts

Hey everyone. I'm new to this...someone on another forum recommended this site because she had the exact same problem and she said your we're able to help her,so hopefully you can do the same for me My computer has the reading "warning! Spyware detected on your computer. Install and antivirus or spyware remover to clean your computer."

This warning is in a blue and yellow box (yellow on top).

Also, my desktop is completely blue and when my computer goes into screensaver mode, all these bugs start crawling on it, eating away at the desktop making it blue.

Advertisements

MichWasHere

Posted 09 June 2008 - 11:41 AM

MichWasHere

Member

Member

424 posts

Hi Desirae, welcome to Geeks to Go

I'm in training right now so I am posting under supervision, there may be a lag between my replies as they have to be checked before I say them to you. I have gone through your log and will be posting help for you shortly

If you have already resolved this problem or are receiving help elsewhere please let us know so this topic can be closed

desirae33

Posted 09 June 2008 - 07:02 PM

MichWasHere

Posted 09 June 2008 - 07:08 PM

MichWasHere

Member

Member

424 posts

Hello again Please print these directions or save them to a notepad file for later reference.

You need to disable real time protection programsWhile these programs are excellent tools for the safety of your system, they can sometimes prevent HijackThis from fixing certain things. Please disable them for now following the directions below, they can be re-activated once your HijackThis log is clean.

Optional ProgramYou have a toolbar installed named "Idols Toolbar". Can you tell me if you installed it on purpose and if you use it? This is potentially dangerous software so if the answer to my questions is no we will be uninstalling it later. Please don't do anything with it yet.

You will be prompted to install an ActiveX component from Kaspersky, Click "Yes".- The program will launch and then begin downloading the latest definition files:- Once the files have been downloaded click on "NEXT"- Next click on "Scan Settings"- In the scan settings make that the following are selected:"Scan using the following Anti-Virus database:""Extended" (if available otherwise "Standard")

- Scan Options:"Scan Archives""Scan Mail Bases"

- Click "OK"

- Now under "select a target to scan" select "My Computer"- The program will start and scan your system.- The scan will take a while so be patient and let it run.- Once the scan is complete it will display if your system has been infected.

Next click on the "Save as Text" button:- Save the file to your desktop.- Copy and paste that information in your next post.

Get DSS LogsPlease download Deckard's System Scanner (DSS) and save it to your Desktop.- Close all other windows before proceeding.- Double-click on dss.exe and follow the prompts.- If your anti-virus or firewall complains, please allow this script to run as it is not malicious.- When the scan has finished, two notepad files will open named main.txt and extra.txt. Please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt in one reply and extra.txt in a separate reply.

desirae33

Posted 09 June 2008 - 09:12 PM

MichWasHere

Posted 09 June 2008 - 10:02 PM

MichWasHere

Member

Member

424 posts

Desirae, if he uninstalled it since you made your first post then I'm going to need you to post a new hijack this log for me, can you do that for now please I will have to get back to you on it tomorrow though. It's getting past my bedtime

Event Record #/Type6932 / WarningEvent Submitted/Written: 06/10/2008 01:06:57 AMEvent ID/Source: 1524 / UserenvEvent Description:Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type18076 / WarningEvent Submitted/Written: 06/10/2008 00:54:35 PMEvent ID/Source: 3004 / WinDefendEvent Description:%YVETTE-DB9158CD27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %YVETTE-DB9158CD27 can't undo changes that you allow.

For more information please see the following:%YVETTE-DB9158CD275

Scan ID: {61D9583B-A323-460A-865C-29804AF98817}

User: YVETTE-DB9158CD\Yvette

Name: %YVETTE-DB9158CD271

ID: %YVETTE-DB9158CD272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %YVETTE-DB9158CD276

Alert Type: %YVETTE-DB9158CD278

Detection Type: 1.1.1593.02

Event Record #/Type18057 / ErrorEvent Submitted/Written: 06/10/2008 00:53:26 PMEvent ID/Source: 7000 / Service Control ManagerEvent Description:The npkcrypt service failed to start due to the following error: %%2

Event Record #/Type18048 / WarningEvent Submitted/Written: 06/09/2008 10:34:11 PMEvent ID/Source: 3004 / WinDefendEvent Description:%YVETTE-DB9158CD27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %YVETTE-DB9158CD27 can't undo changes that you allow.

For more information please see the following:%YVETTE-DB9158CD275

Scan ID: {A62925D9-9A1D-46B8-B9AC-32400F543676}

User: YVETTE-DB9158CD\Yvette

Name: %YVETTE-DB9158CD271

ID: %YVETTE-DB9158CD272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %YVETTE-DB9158CD276

Alert Type: %YVETTE-DB9158CD278

Detection Type: 1.1.1593.02

-- End of Deckard's System Scanner: finished at 2008-06-10 17:37:34 ------------